
Network Design For Small Business


Introduction: A small business network design will of course be a function of the
number of users and the programs that make it up. For most small businesses a
peer-to-peer network with a file server, a router, and a few workstations will be
adequate. Your file server can basically be a standard PC that you consider to be
your file server.

Small Office Network

Internet – ISP Wire to office

Modem – Translates electronic data

Router – Disperses electronic data

Network Adaptor – Required for each Computer

Wired – NIC (network interface card) or Ethernet card

Wireless – Wireless Adaptor


With this configuration you can use the file server as a locker for all of your data and
set up online backup software to back it up continually. The costs for these services
are negligible when considering the frustration and lost time that comes from losing
your data.

I would like to suggest using static IP addresses for each workstation, not DHCP. What
this means is that the IP address of each machine will remain the same at all times.
Removing the variability that is associated with DHCP makes troubleshooting much
easier if you have any problems or need to add equipment to the network.

What you will need to get started:

Cat 5 Ethernet cable (purchase lengths accordingly)

cable/dsl modem (the box the cable supplying the internet plugs into)

Router (Wired or Wi-Fi. If using Wi-Fi stick with 802.11n)

Two workstations and two laptops

File server (another computer)

Modem

Printer

Network: - One or more devices connected together

To the Internet with a router

To each other in order to share Resources:

Internet Connections

Sharing Files

Sharing Printers

WAN, LAN, WLAN, PAN

WAN – Wide Area Network … many computers, locations

LAN – Local Area Network … few computers, 1 location


PAN – Personal Area Network … home network

WLAN – Wireless Local Area Network

Note: Cross-over cable can be confusing. Hold them side by side and the colors should be
the same; otherwise orange and blue are switched.

Wireless

Wireless Networking Standards

802.11 a, b, and g

configuration specifications to ensure compatibility

Different speed/range capabilities

Equipment conforming to “g” is most popular/available

Good for 100-400 feet … in a house

General rule – don’t mix equipment made to different standards

Bluetooth

Standard which is often used for peripheral devices

Printers, scanners, cell phones, etc

Short range (10 ft), high speed

What is a Cable/DSL Modem

Modem (modulator/demodulator)

encodes/decodes information transmitted to the internet

Usually provided and controlled by your ISP

Connects your home to the Internet.

This is the device that gets your public IP (internet protocol) address

Normally has no firewall protection


What is a Router

Connects one network to another … Sometimes called a “Gateway”

Connects your computer to the internet (cable modem or DSL Line) – keeps LAN traffic
local

Routers keep track of IP addresses and physical (MAC) addresses of hosts

IP (Internet Protocol) address … your computers internet address

MAC (Media Access Control) … id for each physical communication device

What is an Access Point

A point where computers access a network

Device which links wireless users to network

Transmits and receives data (Transceiver)

Bridge between wireless and wired networks

Can be linked together to cover broad area

No security or firewall implemented

What is a Firewall

A device that filters packets of data or traffic

Its job is to be a traffic cop

You configure the firewall:

What it will allow to pass

What it will block

Hides your home network from the outside world

Can be either in hardware or software


Most popular routers for home have built in firewall protection

What Does a Firewall do?

They:

Protect your home computer from the bad guys

Keep your information private

Make you less of a target

By:

Stopping viruses

Hiding your computer from the world

Making the bad guys work harder to get your info

Firewall Protection

Hardware Firewall Routers

The idea is layers of protection


Examples of home combo units include

Belkin (we will demo tonight)

Dlink

Linksys

Netgear

Software Firewalls

Adding a second level of protection

Controlling what leaves your computer

By being aware of application level attacks

By allowing you to schedule

Usage of the internet by time (control access at night)

By location (block content for young children)

Software Firewalls for Home Use

Examples

Zone Alarm (Free)

McAfee Firewall

Symantec’s Norton Personal Firewall

Computer Associates with Firewall (free)

Windows Firewall in XP Service Pack 2 (free)

Configure Wireless Firewall/router Overview

Basic Settings … name, ip address, etc

Check for firmware updates


Set Account name and password

Change name and password … don’t use default

Wireless Settings

SSID broadcast …

make sure that remote computers are set to automatically connect

Do not enable DMZ

Do enable ping blocking

Security - Blocking and Filtering

Wireless Security encryption

MAC filtering

Back up settings

Basic Settings and Info

Run Install CD that comes with router

Basic info will be automatically entered or requested

To change info:

For Belkin the default IP address is 192.168.2.1

Other manufacturers use different ip addresses (later slide)

Enter this into address bar

Setup page will be displayed

Firmware – firmware that is embedded in a hardware device

Updated occasionally by manufacturers

Check whenever you access router

Account Name
Change name

Default name is set by manufacturer … eg, Belkin54

Bad guys know defaults and default administrative passwords

Create Administrative Password

Use Strong Password

Record your password where you can find it so you can make changes

Default Info

Router default info is easily available on internet for consumers

So Change Name and Password

Mfg       Default IP     User Name   Password
Belkin    192.168.2.1    admin       blank
D-link    192.168.0.1    admin       blank
Linksys   192.168.1.1    blank       admin
Netgear   192.168.0.1    admin       password

Wireless Settings

SSID - service set identifier

name given to your wireless network

Broadcasting this ID makes network visible to PCs in area

can be turned off so it will not be detected by other PCs in area

Be sure to set up your own PC to automatically detect and log on to your WLAN

DMZ –

allows you to select a PC to access WLAN outside the firewall

do not enable unless firewall interferes with some activity

Ping Blocking – troubleshooting tool

Signal sent and echo received indicates valid ip address

Used by hackers to find active computers

Enable ping blocking … won’t send echo back

Security Blocking and Filtering

Encryption – coding transmissions

Multiple variations. 2 most common:

WPA-PSK … Wireless Protected Access (Pre-shared key)

Use same password for all computers

Preferred Choice

WEP … Wired equivalent privacy

64 or 128 bit encryption … doesn’t matter

Enter Password … converts to hex code

Must enter hex code

2nd Choice (if WPA not supported)

MAC Filtering

MAC address … Media Access Control address

Unique ID permanently attached to each communication device by manufacturer – hardware id

Can find MAC address: run → cmd → ipconfig/all


Enter MAC addresses of acceptable network clients

If address is not on filter list, access to network will be denied

Very effective security method

RECAP
Steps to protect your wireless network

Change the default password on your router

Enable WPA(PSK) or WEP on router and wireless workstation

Use MAC address filtering

SSID broadcast off

Prohibit Peer-to-peer (Ad Hoc) networking

Keep current on hardware BIOS upgrades
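
The recap checklist above, turned into a settings audit. This is an added example, not part of the original slides. The record fields (`admin_password`, `encryption`, `ssid_broadcast` and so on) are hypothetical names for values read off each router's setup page, the default passwords come from the Default Info table earlier on this page, and the sample records are constructed.

```python
# Added example: audit router settings, copied by hand from each router's
# setup page, against the recap checklist. Field names are hypothetical.

# Factory default passwords from the "Default Info" table ("" = blank).
FACTORY_DEFAULT_PASSWORDS = {
    "belkin": "",
    "d-link": "",
    "linksys": "admin",
    "netgear": "password",
}

# (field, value the checklist wants, finding reported otherwise)
SWITCH_CHECKS = [
    ("mac_filtering",    True,  "MAC address filtering is off"),
    ("ssid_broadcast",   False, "SSID broadcast is on"),
    ("adhoc_allowed",    False, "peer-to-peer (ad hoc) networking is allowed"),
    ("dmz_enabled",      False, "DMZ is enabled"),
    ("ping_blocking",    True,  "ping blocking is off"),
    ("firmware_current", True,  "firmware update has not been applied"),
]

def audit_router(cfg):
    """Return the checklist findings for one router record ([] means clean)."""
    findings = []
    default = FACTORY_DEFAULT_PASSWORDS.get(cfg["vendor"].lower())
    if default is None:
        findings.append("vendor not in the defaults table; check credentials by hand")
    elif cfg["admin_password"] == default:
        findings.append("admin password is still the factory default")

    enc = cfg["encryption"].strip().lower()
    if enc in ("", "none"):
        findings.append("wireless encryption is off")
    elif enc == "wep":
        findings.append("WEP in use; the checklist prefers WPA-PSK where supported")
    elif enc != "wpa-psk":
        findings.append("encryption mode not covered by the checklist; review by hand")

    for field, wanted, message in SWITCH_CHECKS:
        if cfg[field] != wanted:
            findings.append(message)
    return findings

def audit_all(routers):
    """Map router name -> findings for a list of records."""
    return {r["name"]: audit_router(r) for r in routers}

# Constructed sample records: one factory-fresh unit, one hardened unit.
SAMPLE_ROUTERS = [
    {"name": "front-office", "vendor": "Belkin", "admin_password": "",
     "encryption": "none", "mac_filtering": False, "ssid_broadcast": True,
     "adhoc_allowed": True, "dmz_enabled": False, "ping_blocking": False,
     "firmware_current": False},
    {"name": "back-office", "vendor": "Linksys",
     "admin_password": "constructed-sample-passphrase",
     "encryption": "WPA-PSK", "mac_filtering": True, "ssid_broadcast": False,
     "adhoc_allowed": False, "dmz_enabled": False, "ping_blocking": True,
     "firmware_current": True},
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_ROUTERS).items():
        print(name, "-", len(findings), "finding(s)")
        for item in findings:
            print("  -", item)
```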

Print and File Sharing


Overview

Print and File Sharing:

Useful, but Risky if all computers are not secure

Setting up Network for Printer and File sharing

Interface card

Set Interface card to allow

Each computer in network

Make sure each computer is part of network


Printer

Make sure that Print sharing is allowed for printer

Load appropriate print drivers on each computer

Firewall Settings

Reset network IP range to trusted zone

Place files to share in “Shared Documents” folder

Print and File Sharing


Details (1)

Be sure WLAN is working and secure

Interface card

Start  connect to  NIC or WLAN card  properties

Check “File and Printer sharing on Microsoft Networks”

Repeat for all PCs on Network

Printer

Start  Printers and Faxes  shared printer

Select properties  sharing  check “share this Printer)

Print and File Sharing


Details (2)

Firewall

Be sure WLAN IPs are allowed in Firewall for all PCs

Zone Alarm

 Firewall  zones  add  IP range  <enter appropriate range>

Network ID for each computer

Under My Computer → Properties → Computer name


Click Change and add WLAN name as Workgroup

Shared Documents Folder for each computer

Any files in the Shared Documents folder will be accessible from all computers

www.lccug.com

Set Up Your Router

If you are using a new router it should work right away with your computers. It may come with
software that will set up your initial configurations.

Security for small business wireless network

If you choose to go with a wireless/Wi-Fi network a few precautions can be taken to minimize
the threat of an intruder.

1. Change your router's SSID. This is simply what you call your router. A name like “Joe the
plumber’s small business wireless network” could potentially draw some attention so stick
with something that promotes anonymity.
2. Don’t broadcast. Some routers have a broadcast setting that you want to make sure is turned
off.
3. Use a password. Set up 128-bit WEP encryption. This is a straightforward process that
varies depending on your router. Once you set the password write it down and file it away.
4. Enable firewall. If your wireless router has one, enable the firewall.
5. Set up a work group. The last measure is simply naming the workgroup of your network.
This will have to be done on each workstation. To do this, go to “Control Panel,” then
“System Properties,” then “Computer Name.” Click the “Change” button and type in a
new workgroup name.

What can one expect to pay for the above solution? Well, I recently reviewed a proposal from a
mom and pop computer repair and consulting company and the price for a new server, one
workstation, the router, and setting it all up was right around $1760.00.

Copyright SHYEntrepreneur.com. All Rights Reserved.

How to set up a TCP/IP network

You may want to set up a local network for the Internet protocol TCP/IP (in addition to IPX) to
allow use of applications which use TCP/IP on your network. In addition you may want to set up
TCP/IP to allow computers on your LAN to access the Internet as described below. To do this set
up the TCP/IP protocol in Windows 98/XP networking and bind it to your Ethernet adapter. Each
computer on the LAN needs to have its own address. The addresses in the ranges 10.10.10.0 to
10.10.10.255 and 192.168.0.0 to 192.168.0.255 have been reserved for local networks so no site
on the Internet will have addresses in these ranges. Therefore you should give each computer on
your LAN a different address within this range such as 10.10.10.1, 10.10.10.2, etc. Don't use
10.10.10.0 or 10.10.10.255 as these have special uses. Set the network mask to 255.255.255.0 on
each computer. You may be able to use the network connection wizard to automatically set up
your network.
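
A check for the static addressing plan described above, written with Python's standard `ipaddress` module. This is an added example, not from the original article: the host names and the sample plan are constructed, and the subnet 10.10.10.0 with mask 255.255.255.0 is the one the text uses.

```python
import ipaddress

def check_plan(plan, network="10.10.10.0", netmask="255.255.255.0", gateway=None):
    """Check a {host name: address} static plan; return a list of problems."""
    net = ipaddress.ip_network(f"{network}/{netmask}")
    problems = []
    if not net.is_private:
        problems.append(f"{net} is not a range reserved for local networks")
    assigned = {}  # address -> first host that claimed it
    for host, text in plan.items():
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            problems.append(f"{host}: {text!r} is not a valid IP address")
            continue
        if addr not in net:
            problems.append(f"{host}: {addr} is outside {net}")
        elif addr == net.network_address:
            problems.append(f"{host}: {addr} is the network address")
        elif addr == net.broadcast_address:
            problems.append(f"{host}: {addr} is the broadcast address")
        # Two machines with the same static address will conflict on the LAN.
        if addr in assigned:
            problems.append(f"{host}: {addr} is already assigned to {assigned[addr]}")
        else:
            assigned[addr] = host
    # The gateway (the connectivity computer or router) must be a planned host.
    if gateway is not None and ipaddress.ip_address(gateway) not in assigned:
        problems.append(f"gateway {gateway} is not a machine in the plan")
    return problems

# Constructed sample plan with four deliberate mistakes.
SAMPLE_PLAN = {
    "fileserver": "10.10.10.1",
    "desk-1": "10.10.10.2",
    "desk-2": "10.10.10.2",      # duplicate of desk-1
    "laptop-1": "10.10.10.255",  # broadcast address
    "laptop-2": "192.168.0.5",   # valid address, wrong subnet
    "printer": "10.10.10.300",   # not a valid address
}

if __name__ == "__main__":
    for problem in check_plan(SAMPLE_PLAN, gateway="10.10.10.1"):
        print(problem)
```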

Connecting your local network to the Internet

You can set up a modem on one of your computers under dial up networking to access an
Internet Service Provider (ISP) such as IBM.net or sprynet.com even though you have a local
TCP/IP network set up. The computer will automatically go to your local network for addresses
in the 10.10.10.X range and to your dial up network for other addresses. But what if you want
employees on any of your computers to have access to the Internet for email and other
applications? This can be done as follows:

ISPs generally provide a single Internet Protocol (IP) address to their low-cost dial-up customers.
This IP address is usually assigned dynamically at logon time so that it can be reassigned to
someone else when you log off. ISPs also usually only allow one person to log on at a time under
a single account so even if you have multiple phone lines and modems you would need multiple
ISP accounts to allow two or more people simultaneous internet access. There are a number of
software products such as Trumpet Firesock (see "connectivity products" at www.tucows.com
or www.cws.com) which allow multiple computers on a LAN to use a single ISP account
simultaneously. These programs use "IP spoofing" to make multiple users look like a single user
to your ISP. The modem and connectivity product are installed on one of your computers. The
TCP protocol in all the computers is set so that the address of the connectivity computer (eg
10.10.10.1) is set as the gateway. All the computers are set to use the Domain Name Server
address (DNS) specified by the ISP. The connectivity product can be set to automatically dial
and connect to the ISP whenever anyone tries to access any internet service outside your LAN
and disconnect after a predetermined time elapses with no access. The "connectivity computer"
would need to be left on whenever anyone might need access. Alternately a stand-alone "router"
can be used to connect between your LAN and the internet via dial-up modem, high speed
access, or ISDN line.

You can usually connect multiple computers to a network that also includes a cable modem or
DSL modem to allow all the computers Internet access. However, cable and DSL accounts also
typically charge more for multiple computer access to the Internet. If you have two NIC cards in
a connectivity computer you can connect one to your cable modem and the other to your in-
house network linking to other computers. Windows XP will nearly automatically set up both
sides of this arrangement (no additional connectivity product needed) such that the cable or DSL
modem thinks it is only talking to one user. You only pay the single user charge while your other
computers can access the Internet via the connectivity computer. You may also be able to use a
single NIC to connect to your internal network and use a USB cable to connect to the cable or
DSL modem, avoiding a second NIC. Inexpensive router boxes can be used to connect a single
modem to multiple computers.

Cable and DSL "always on" services normally semi-permanently assign an IP address and name
to your account.

Voice Over IP Services

Inexpensive router boxes are now available to support voice over IP (VOIP) services provided by
Vonage or other Internet based telephone service. These units connect to the Internet via RJ-45
cable connecting to your cable or DSL modem and typically provide two RJ-11 phone
connectors and three RJ-45 ethernet connectors. The ethernet connectors can be connected
directly to up to three computers. The phone connectors can be connected to ordinary phones to
provide up to two lines of phone service. The phone lines can be routed to many phones via
standard building phone lines. However, these small VOIP boxes may not be able to drive as
many ringers as a typical telephone company line. If you are using more than one phone on each
line, check with the box vendor to see how many phones each line can handle. A major
advantage of Vonage or other non-locality based VOIP provider is that by taking the little box
with you and plugging it in to local Internet, you can be reached on your local number wherever
you go. Callers have no way of knowing you are not in your office. Careful, if someone should
happen to dial 911 while in the remote location, the fire trucks are going to go to the wrong
address!

The quality of the VOIP service is mostly dependent on the quality of the underlying Internet
service. For example, if you are having problems with Vonage it is more likely that the actual
problem is with your cable or DSL supplier. If you are using a separate router (e.g. wireless
router) the VOIP box should be connected to the modem and the router connected to the VOIP
box. This way the VOIP box will have priority over the computer's access and voice quality will
be better during times when your computers are accessing the Internet.

Be advised that fax machines typically do not work well with VOIP. This is because any
momentary delay, slowdown, or dropped packets, which do not cause any problem with the
computer Internet connection, and only cause a click on the voice line, can interfere with the
operation of the analog modem in the fax causing a dropped fax error. If you are having
problems faxing, try setting the fax's modem to operate at a slower speed (2400 baud) instead of
the normal 14,400 baud. If the fax's instruction manual does not say how to do this (they
frequently do not), try searching on the Internet. Unfortunately, if it works today it still might not
work tomorrow when the Internet is busier.

Many people report they are totally unable to obtain reliable fax operation through VOIP. It is
futile to look to the VOIP service for a solution and your Internet provider is likely to blame the
VOIP provider. An obvious solution that eliminates the need to even have a fax machine is to
have capability for receiving faxes as an email attachment and for sending faxes from a scanned
or PDF document file uploaded to the VOIP provider. This would allow you to send and receive
faxes at your laptop in the field as well as at your SOHO and also allows you to store faxes on
your hard drive as opposed to paper file. For some unknown reason, Vonage does not provide
this capability although they do provide the capability for receiving voice mail messages as email
attached audio files. You may obtain fax capability from myfax.com, which allows faxes to be
sent by sending an email with or without attachment to 13015552525@myfax.com, allows
receipt of faxes by email, and provides incoming fax numbers matching your area code. They
have a cheaper service in which you cannot specify area code for your incoming fax number.

Dynamic Host Configuration Protocol (DHCP)

All the participating devices (computers, routers, etc) in an Internet network need certain
configuration data to operate including the Internet Protocol (IP) address to be used by the
device, IP address of the upstream gateway, mask defining the size of the local network, and
nameserver addresses. Modern software and hardware can use DHCP to get this information
automatically from the upstream side at startup and avoid the need for manual entry. However,
you need to initialize the boxes in a particular order for this to work. If you first turn on the cable
or DSL modem, the modem will get its information from the company. Then you can turn on
your router box, which will get its information from the modem. Then turn on computers so they
can get their configuration data from the router box. If power fails frequently in your area you
may want to use a small uninterruptible power supply (UPS) to power the modem and router
boxes to avoid having to go through this sequence later.

Using ISDN with a local network

If you live in an area which provides Integrated Services Digital Network (ISDN) at reasonable
rates such as the Southern part of Bell Atlantic’s service area you may want to consider using
ISDN vs a modem and analog line to provide Internet connectivity to a LAN. ISDN is being
replaced with DSL or cable high speed Internet access.

Wireless

Inexpensive wireless routers are now available that connect to a cable or DSL modem and
provide a local wireless Internet "hot spot" in addition to providing typically three RJ-45
connections for wired service. Modern laptops, netbooks, and smart phones typically come with
built-in wireless capability. Small wireless adapters that plug into a USB port can be used to
connect a desktop machine to the wireless network. Wireless typically has more "glitches" than
wired and may be somewhat slower, so if a computer is semi-permanently in the same room as
the router, use a wired connection.

Typical Small Office Network with Internet Capability

Here is a description of a typical Internet enabled small office network for a small company
"SmallCo":

Five PC type computers running Windows or MacOS are connected via NICs to an Ethernet
using 10-base-T RJ-45 wiring and an 8 port hub. PCs are configured to use TCP/IP protocol and
to use file and printer sharing over the IPX/SPX protocol so all employees can use all the printers
and can use common file areas or drives on the PCs. A stand-alone router is used to connect to
the Internet via DSL, cable, or analog modem using an Internet access provider and single user
account. The company has a web site at www.xyz.com hosted elsewhere by an ISP or web site
developer. (Some DSL and cable providers object to users running web sites from their DSL or
cable accounts.) Each employee has an email address such as aaa@xyz.com , bbb@xyz.com etc.
The web site provider furnishes POP email mail boxes for each employee. Alternately, the web
site provider can supply aliases to route mail from "aaa@xyz.com" to an access provider mail
box. Email clients on the employee computers access the POP mail boxes to receive mail and
send mail via an access provider SMTP server.

Managing Modems and Routers

Cable modems, DSL modems, and routers usually have a built-in web server that displays
administrative pages. By entering the proper numerical IP address in your browser, you can
contact this web server and configure the operation of the device. Modems also usually display
diagnostic information including incoming signal strength, etc. This information is very useful
when talking to your provider about any problem. Modems, routers, and your individual
computers all can be configured to act as firewalls. This can cause confusion if, for example, you
are trying to alter the firewall to allow some new service. Also see DHCP above.

Copyright © 1997 - 2010 Azinet LLC
